Snort mailing list archives
Snort - Logsurfer examples
From: Matt Howell <mhowell () cybarworks com>
Date: 01 May 2003 15:00:28 -0700
Due to a high volume of redundant alerts from swatch, I am finally committing to setting up logsurfer. I have looked at the examples available at:

ftp://ftp.cert.dfn.de/pub/tools/audit/logsurfer/config-examples/emf/snort.txt

I have seen many people making suggestions toward using logsurfer, but from my searching of the list, I have not seen any posts of good rules. Can someone post a more verbose rule set? I am new to the regex shorthand so I am trying to "learn through example." I also figured enough people are out there using it that perhaps a discussion about the logsurfer rules might be beneficial...

TIA,
-Matt
